<?php
/*
   Copyright 2011 BiSe Trojanov

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
*/
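 $sad_inadmin=true; require_once('../index.php');

 /**
  * Decide whether a requested redirect target stays inside this installation.
  *
  * The login page receives its "return to" address from the request (`url` in
  * the query string, then echoed back as a hidden form field), so the value is
  * fully attacker-controlled. Passing it straight to a Location header would
  * let any link to this page bounce a freshly authenticated user to another
  * site (open redirect).
  *
  * @param mixed  $url     Raw value taken from the request.
  * @param string $baseurl Base URL of the installation ($sad_baseurl).
  * @return string The trimmed target when it is local, '' when it must not be used.
  */
 function sad_login_local_url($url, $baseurl){
  // Arrays (url[]=...) and other non-strings cannot be a redirect target.
  if (!is_string($url)){return '';}
  // Control characters have no place in a header value.
  if (preg_match('/[\x00-\x1f\x7f]/', $url)){return '';}
  // Surrounding spaces are dropped when the header is parsed, so judge the
  // value the browser will actually act on.
  $url=trim($url);
  if ($url===''){return '';}
  // Browsers treat a backslash like a slash; refuse it instead of guessing.
  if (strpos($url, '\\')!==false){return '';}
  // A protocol-relative target names another host.
  if (substr($url, 0, 2)==='//'){return '';}
  // An absolute URL is accepted only when it lives under the base URL.
  if (is_string($baseurl) and $baseurl!=='' and strpos($url, $baseurl.'/')===0){
   return $url;
  }
  // Anything else that carries a scheme (text followed by ':' before the
  // first '/', '?' or '#') is an absolute URL to somewhere else.
  $cut=strcspn($url, ':/?#');
  if ($cut<strlen($url) and $url[$cut]===':'){return '';}
  // What is left is a path, query or fragment relative to this site.
  return $url;
 }

 // Already logged in and a local return address was supplied: go there.
 // A target that fails validation is ignored and the login page is shown.
 $sad_get_url=sad_login_local_url(isset($_GET['url']) ? $_GET['url'] : '', $sad_baseurl);
 if ($sad_get_url!=='' and iam()){
  header('location: '.$sad_get_url);exit;
 }

 $error='';

 // Installation hint: warn when the users table holds no accounts at all.
 // NOTE(review): the message shows the table prefix to unauthenticated
 // visitors; consider a generic text once setup is complete.
 $q=mysql_query('select count(*) as `count` from `'.$sad_prefix.'_users`');
 if (!mysql_error()){
  $q_c=mysql_fetch_assoc($q);
  if ($q_c['count']==0){$error.='Table `'.$sad_prefix.'_users` is empty<br />';}
 }

 // Only plain string fields are accepted; a missing field or an array value
 // is treated as "nothing submitted" instead of reaching strlen()/md5().
 $sad_login=(isset($_POST['login']) && is_string($_POST['login'])) ? $_POST['login'] : '';
 $sad_pass =(isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

 if (strlen($sad_login)>0 and strlen($sad_pass)>0){
  // sad_safe_html() is kept so the value has the same form as before, but it
  // is an HTML helper, not an SQL one, so the result is additionally escaped
  // for the string literal. The match is an exact `=`: with `like`, wildcard
  // characters in the submitted login would select an account the visitor
  // did not name.
  // NOTE(review): if sad_safe_html() already adds backslashes, logins that
  // contain quotes will stop matching (fails closed) - confirm its behaviour.
  $q=mysql_query('select * from `'.$sad_prefix.
                 '_users` where `login` = "'.
                 mysql_real_escape_string(sad_safe_html($sad_login)).'"');
  if (!mysql_error()){
   // mysql_fetch_assoc() returns false when no account matches.
   $q_c=mysql_fetch_assoc($q);
   $sad_known=is_array($q_c);
   $sad_row_login=$sad_known ? $q_c['login'] : '';
   $sad_hash=$sad_known ? (string)$q_c['password'] : '';

   // Strict comparison: with `==` two different hex digests that both look
   // like numbers compare as numbers and can be reported equal.
   // NOTE(review): unsalted MD5 is too fast to protect stored passwords;
   // plan a migration to password_hash()/password_verify() with a rehash
   // on the next successful login.
   if ($sad_hash!=='' and md5($sad_pass)===$sad_hash){
    // Issue a new session id at the privilege change so an id that was
    // known before login is useless afterwards (assumes index.php has
    // already started the session - confirm).
    session_regenerate_id(true);
    $_SESSION['sad_login']   =$q_c['login'];
    // NOTE(review): the password hash is kept in the session, presumably
    // for iam() to re-check - confirm it is needed there.
    $_SESSION['sad_password']=$q_c['password'];
    $_SESSION['sad_rights']  =$q_c['rights'];
    $_SESSION['sad_time']    =time();
    // The stored login is data too: escape it for the SQL literal.
    mysql_query('insert into `'.$sad_prefix.'_history` (`title`,`text`,'.
                '`time`) values ("User logged in","User '.
                mysql_real_escape_string(sad_safe_html($sad_row_login)).
                ' logged in at '.
                gmdate('Y-m-d-H-i-sO').'", '.time().')');
    // Return to the page that asked for the login only when it is local;
    // otherwise land on the start page.
    $sad_post_url=sad_login_local_url(isset($_POST['url']) ? $_POST['url'] : '', $sad_baseurl);
    if ($sad_post_url!==''){
     header('location: '.$sad_post_url);
    }else{
     header('location: '.$sad_baseurl.'/');
    }
    exit;
   }else{
    // Record the failed attempt. The login written here is the one read
    // from the table, so it is empty when no account matched.
    // NOTE(review): failures are only recorded; no throttling or lockout
    // is visible in this file.
    mysql_query('insert into `'.$sad_prefix.'_history` (`title`,`text`,'.
                '`time`) values ("User password incorrect","User '.
                mysql_real_escape_string(sad_safe_html($sad_row_login)).
                ' logged off cos '.
                'incorrect password at '.gmdate('Y-m-d-H-i-sO').
                '", '.time().')');
    // One message for unknown login, account without a password and wrong
    // password, so the response does not reveal which accounts exist.
    $error.='Login or password is incorrect<br />';
   }

  }else{
   $error.='Mysql Error<br />';
  }
 }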

// Login form markup. Values taken from the request or the session are passed
// through sad_safe_html() before being echoed into attribute values.
// NOTE(review): every such echo sits inside a double-quoted attribute, so
// sad_safe_html() must encode double quotes as well as angle brackets - confirm.
// NOTE(review): the form carries no anti-CSRF token.
?><!doctype html><html>
<head>
 <title>Please, login</title>
 <link rel="stylesheet" href="<?php echo $sad_baseurl; ?>/i/style/login.css" type="text/css" media="screen">
</head><body>
 <div class="main"><form method="post">
  <div>Login: <input name="login" <?php
   // Pre-fill the login box: prefer the value that was just submitted,
   // otherwise the login stored in the session when iam() returns true.
   // NOTE(review): on a plain GET request $_POST['login'] is not set, so this
   // strlen() call reads an undefined index; an isset() guard avoids the notice.
   if (strlen($_POST['login'])>0){
    echo 'value="'.sad_safe_html($_POST['login']).'"';
   }else{
    if (iam()){
     echo 'value="'.sad_safe_html($_SESSION['sad_login']).'"';
    }
   }
   // The hidden `url` field further down copies $_GET['url'] into the form so
   // that it comes back as $_POST['url'] on submit. It is request data: the
   // code that redirects to it has to check that it is a local target first.
  ?> class="textbox" /></div>
  <div>Password: <input name="password" type="password" class="textbox" /></div>
  <input name="url" type="hidden" value="<?php echo sad_safe_html($_GET['url']); ?>" />
  <input type="submit" class="submit" value="Log in" />
  <?php
   // Status line shown when iam() returns true.
   if (iam()){echo 'You already logged in<br />';}
   // $error is printed as raw HTML. In this file it is built only from fixed
   // strings and $sad_prefix, never from request data; keep it that way or
   // escape it here.
   if (strlen($error)>0){echo '<span style="color: red">'.$error.'</span>';}
  ?>
 </form></div>
</body></html>